Previously Marcus Brinkmann wrote:
> An origin field for Debian packages can be generated automatically by
> dpkg-dev scripts, there is no need for developers to change anything.[1]
> On the next upload after they upgraded to the new dpkg package the
> package would automatically carry the origin field.

There is a slight problem with this in that if someone isn't careful he
will make packages which claim to originate from Debian even though they
are not meant for Debian.

> It's a technical change, so it does not require a vote or expressed opinion
> by the developers. The dpkg developers simply can decide to include such a
> field.

Agreed. The reason I haven't done so is that I haven't come up with a
good way to configure a default origin, or if there really should be a
default. I'm very tempted to create a configuration file for the
dpkg-suite which a default.

> It's quite hard to achieve an Origin field which can't be forged, as this
> requires package signing. However, that's an entirely different issue, and
> was discussed at length in other threads.

Right. I think we should definitely study Ian's proposal for this and
start implementing it. Having a trust path from the downloaded package
back to Debian and eventually a developer is becoming more and more
important.

Wichert.

-- 
 _________________________________________________________________
/ Generally uninteresting signature - ignore at your convenience  \
| wichert@wiggy.net                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |